[Secure-testing-commits] r37834 - in data: . CVE

Ben Hutchings benh at moszumanska.debian.org
Tue Nov 24 00:22:57 UTC 2015 

Author: benh
Date: 2015-11-24 00:22:57 +0000 (Tue, 24 Nov 2015)
New Revision: 37834

Modified:
   data/CVE/list
   data/dla-needed.txt
Log:
Triage new issues for squeeze


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-11-23 21:10:16 UTC (rev 37833)
+++ data/CVE/list	2015-11-24 00:22:57 UTC (rev 37834)
@@ -246,15 +246,18 @@
 	TODO: check
 CVE-2015-8219 (The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before ...)
 	- ffmpeg 7:2.8.2-1
+	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <undetermined>
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=43492ff3ab68a343c1264801baa1d5a02de10167
 CVE-2015-8218 (The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg ...)
 	- ffmpeg 7:2.8.2-1
+	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <undetermined>
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46
 CVE-2015-8217 (The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg ...)
 	- ffmpeg 7:2.8.2-1
-	- libav <undetermined>
+	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
+	- libav <undetermined>	
 	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=93f30f825c08477fe8f76be00539e96014cc83c8
 CVE-2015-8216 (The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg ...)
 	- ffmpeg 7:2.8.2-1
@@ -535,6 +538,7 @@
 CVE-2015-XXXX [Several reads out-of-bound in mplayer]
 	- mplayer <unfixed> (low)
 	[wheezy] - mplayer <no-dsa> (Minor issue)
+	[squeeze] - mplayer <no-dsa> (Minor issue)
 	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/10/8
 	NOTE: Possibly doesn't affect squeeze. Valgrind doesn't report the read out-of-bounds.
 CVE-2015-8102
@@ -2254,6 +2258,7 @@
 CVE-2015-7496 [gdm3: crash when holding Escape in lock screen]
 	RESERVED
 	- gdm3 3.18.2-1
+	[squeeze] - gdm3 <not-affected> (Vulnerable code not present)
 	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758032
 	NOTE: https://git.gnome.org/browse/gdm/commit/?id=5ac2246
 	NOTE: https://git.gnome.org/browse/gdm/commit/?id=05e5fc2

Modified: data/dla-needed.txt
===================================================================
--- data/dla-needed.txt	2015-11-23 21:10:16 UTC (rev 37833)
+++ data/dla-needed.txt	2015-11-24 00:22:57 UTC (rev 37834)
@@ -16,6 +16,8 @@
 --
 eglibc (Raphaël Hertzog)
 --
+ffmpeg
+--
 imagemagick
   NOTE: maintainer might take care of it, cf http://lists.debian.org/D7AE3B74-1C15-4073-9E4E-30803BE1400D@gmail.com
 --
@@ -43,6 +45,8 @@
 pound
   NOTE: updating to the wheezy option might be less error prone
 --
+putty
+--
 quassel (Scott K)
 --
 squid (Santiago R.R.)

More information about the Secure-testing-commits mailing list